Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google’s February Android Security Bulletin, released Monday, also warns of a second critical flaw that could allow a remote hacker to gain access to an Android handset and obtain sensitive data.
Tracked as CVE-2020-0022, the remote code execution (RCE) bug impacts Android versions Pie (9.0) and Oreo (8.0, 8.1). The same CVE also impacts Google’s most recent Android version, called 10. However, with Android 10, the severity rating is moderate and the impact is not a RCE bug, but rather a denial of service threat.
